Project quality management for small and medium enterprises (SMEs) in trade

Managing project quality is becoming focal issue in major enterprises as popular quality programs from International Standard Organization (ISO) such as ISO9000 certification processes gain momentum. Large organizations as well as small-medium enterprises (SMEs) seem to implement this program, albeit for varied reasons. In this paper, we have reported the findings from an action research project conducted in SMEs who are implementing quality management. The findings indicate that external pressures such as regulations, competition and perceived success - defined on their own parameters, may be the drivers and the certification does not necessarily result in better performance. We are in the process of developing a cost-effective guideline/framework - based on this research, for SMEs involved in the certification process. In addition, the results are aimed at informing academia as well as certification bodies of specific concerns with SMEs.

Fostering information security culture in small and medium size enterprises: an interpretive study in Australia

By having an effective organisational information security culture where employees intuitively protect corporate information assets, small and medium size enterprises (SMEs) could improve information security. However, previous research has largely overlooked the development of such a culture for SMEs, and the national context in which SMEs operate. The paper explores this topic and provides key findings from an interpretive Australian study based on a literature review, two focus groups and three case studies. A holistic framework is provided for fostering an information security culture in SMEs in a national setting. The paper discusses key managerial challenges for SMEs attempting to develop such a culture. The main findings suggest that Australian SME owners do not provide sufficient support for information security due to insufficient awareness of its importance and may also be affected by national attitudes to risk. The paper concludes that Australian SME owners may benefit from adopting a risk-based approach to information security and should be educated about the potential strategic role of information technology and information security. The paper also identifies the value and difficulty of promoting a behavioural and learning approach to information security to complement traditional technological and managerial approaches. Implications for theory and practice are discussed.